Churnd

A good site I've found for a comprehensive step-by-step list for spyware removal:

http://theflyingpenguin.com/spyware-removal.shtml

It has quite a few tools listed in it that I've found to be invaluable.

Never do this. It's probably the worst way to edit what starts up on your PC.

From my link above, use Mike Lin's Startup Control Panel. It doesn't even need to be installed (therefore can be run off a USB drive), and detects everything being started up on that machine.

rimpainter.com

I agree. Great site. I have nearly used all his techniques and ideas, except for the BHO Demon like Mark suggested. Looks like that is the direction I need to head - that or reformat since Winfixer is still with me...

payyourtoll

Ouch. As already stated, if I were in your shoes (which I have been several times), Hijack it, still a problem, format it.

g' luck mate

Kevin286

I was'nt trying to say that using msconfig was a way of 'editing' the startups, just as a way to quickly see what was loading. Sorry about the confusion.

Any progress yet on removing winfixer?

Dark0perator

Heres how I got rid of winfixer:

While your logged in, press ALT+CTRL+DEL
Under the Processes Teb Locate the Image name or Process Winfixer is running under(usally winfixer.exe)
Remember the image Name or Process name and reboot into safe mode.

Once in safe mode do this-> Start Menu ->Search->Type in the image name or Process Winfixer was running under.

You should now see the location in which the main executable is located.
ALT-CTRL-DEL one more time, Goto the Processes tab, Select the Process Winfixer is running under AGAIN->Right click->End Process Tree

Go back to your search window and delet the lil fugger!

Do your spy sweep again to make sure its lil buddies are toast too. You wanna make sure ALL of them are gone, because one invites the other.

Hope that helps.

No need for stupid programs, regediting or msconfig tweeking.

As long as you cut the head from the snake(i.e the main process) the body will die.

BTW to save your self from further heartache, don't use Wintendow's Internet Exploiter. visit www.Firefox.com and download that browser. Its supported by all websites, it runs a lot faster, built in pop-up blocking and you'll bearly get any lil dirty spyware.

Dark0perator

msconfig is great if you know what your doing.
Just stick to the start-up tab. if you want to edit your services, goto control panel, Administrative tools->services. This is also a great way to disable messanger, Remote Registry(pretty big securty flaw), and Server(leaving this on can allow for a protocol analyzer to sniff out packets being sent over your network.. like passwords, creditcard information.. ect..)I also disable Remote Desktop and Windows Security center as its not needed because I use third party firewalls & antivirus protection.

This is ONLY if you know what your doing. So if your not sure; its best to leave it alone.

midiwall

Chris's warning isn't based on getting yourself in trouble using MSCONFIG, it's based on MSCONFIG being VERY easy to compromise programatically, and thus create a false view of what's being loaded.


And... fwiw, "winfixer" does a good job of hiding itself from the process list (and thus it doesn't show up in the task manager). That as well is pretty easy to do in code.


And... Yeah, I _REFUSE_ to use IE for various reasons, this being one of them - but I don't force my beliefs on friends. In this case, my buddy is using IE, so I will work with him to fix the issue.

rimpainter.com

I have also noticed something else about Winfixer. It somehow activates my "work offline" feature. What the heck? This happens EVERY time before Winfixer pops up when I first go to get on the net (cable modem). Then, when I uncheck work offline, Winfixer shows up.

Anybody else notice this?

Dude, I have had just about enough. Anybody know where "Winfixer" is based out of?

mach4

I had this issue a few months back.
The stupid thing tried telling me files on my pc were being accessed and transferred across the net as a ploy to get me to load the program!

Don't know what happened but it just went away.

It did bother the crap out me while it was active though so I feel for you.

midiwall

Christian, man... Are you still fighting this? Holy poo Batman!

Check back at my message #19 on the previous page. Get BHODemon, install it, and at least unhook the thing. Here's the link:

http://www.definitivesolutions.com/bhodemon.htm

I talked to Daryl the other day and he confirms that WinFixer is still dormant on his machine.

rimpainter.com

Will do, thanks Mark!

rimpainter.com

So far so good. BHODemon appears to have done the trick!

midiwall

Kewl... but please go back and read the rest of my old message. BHODemon will disconnect WinFixer from IE, but technically the app is still there, eating memory, just waiting for the (now absent) hook in IE to trigger it.

That doesn't bother everyone, but personally, I don't like crap laying around when I don't know what it is.

The good thing is that you don't have the annoyance.. the bad thing is that it's still on your machine. It _does_ appear though that WinFixer remains 100% dormant without IE poking at it.